"A new project that was set up
to monitor the quality and strength of the SSL implementations on top
sites across the Internet found that 75
percent of them are vulnerable to the BEAST SSL attack and that
just 10 percent of the sites surveyed should be considered secure.
The SSL
Pulse project, set up by the Trustworthy Internet Movement, looks
at several components of each site's SSL implementation to determine
how secure the site actually is. The project looks at how each site
is configured, which versions of the TLS and SSL protocols the site
supports, whether the site is vulnerable to the BEAST or insecure
renegotiation attacks and other factors. The data that the SSL Pulse
project has gathered thus far shows that the vast majority of the
200,000 sites the project is surveying need some serious help in
fixing their SSL implementations."

"The Houston Chronicle is
reporting that Amazon.com
will soon start collecting sales tax from buyers in the state of Texas.
'Seattle-based Amazon, which had $34 billion in sales in 2010, has
long opposed collecting taxes. That has drawn fire from state
governments facing budget shortfalls and from traditional
brick-and-mortar retailers, who say online sellers essentially give
customers an automatic discount when they don’t collect taxes.
Combs has estimated the
state loses $600 million a year from untaxed online sales.
However, Amazon has recently begun making deals with a number of
states to collect sales tax. Those deals have usually included a
one- to three-year window exempting Amazon from sales tax
collection.'"

A new legal niche? “If you can't be
civil, we'll fit you for a civil suit?”

It’s an age of unprecedented,
staggering technological change. Business models are being
transformed, lives are being upended, vast new horizons of
possibility opened up. Or something like that. These are all pretty
common assertions in modern business/tech journalism and management
literature.

Then there’s another view, which I
heard from author Neal
Stephenson in
an MIT lecture hall last week. A hundred years from now, he
said, we might look back on the late 20th and early 21st centuries
and say, “It was an actively creative society. Then the internet
happened and everything got put on hold for a generation.”

Stephenson was clearly trying to be
provocative. But he’s not alone in the judgment that we’re not
actually living in an era of great innovation. Economist Tyler
Cowen’s e-book-turned-book, The
Great Stagnation, made similar points: Compared with
the staggering changes in everyday life in the first half of the 20th
century wrought by electricity, cars, and electronic communication,
the digital age has brought relatively minor alterations to how we
live.

… The most common response to such
griping has been, just wait. Many techno-optimists base
their thinking on a
famous 1990 paper by economic historian Paul David, which
described how, for decades, electricity had little effect on
industrial productivity as manufacturers simply swapped out older
energy sources for electric power but changed nothing about how they
made things. It was only as new factories were built that took
advantage of the unique properties of electric motors that a
productivity boom ensued. Just give the digital age a bit more time,
and you’ll see huge changes (and, one hopes, improvements) in how
we work and live.

"If you are looking
for small niche features such as interactive word count, bundled
report designer, or command line filtering etc – LibreOffice
beats OpenOffice hands down. 'Noting the important dates of June
1, 2011, which was when Oracle donated OOo to Apache; and Apache
OpenOffice 3.4 is due probably sometime in May 2012; Meeks compared
Apache OpenOffice 3.4 new features to popular new features from
LibreOffice: 3.3, 3.4, 3.5. It wasn't surprising to find that
LibreOffice has merged many features not found in Apache OO given
their nearly year long head start.'"

This could be very useful as I try to
teach my students my SOP PDQ. (LOL)

When you are browsing websites, you
will come across countless abbreviations. These abbreviations can be
anything, ranging from Internet slang to something specific to the
website you are visiting. What you need is a tool which you can use
to quickly reference abbreviations and their possible meanings
without having to leave the webpage you are currently on. Here to
offer you that is a service called ABBREX.

ABBREX is a free to use browser tool.
It comes as an add-on for Mozilla Firefox and an extension for Google
Chrome. The purpose of ABBREX is to reveal all the possible meanings
of abbreviations you find on websites. Although you could easily
execute a web search to find out what an abbreviation stands for,
ABBREX lets you learn the abbreviation’s meaning without having to
leave the webpage.

With the add-on or extension installed
in your web browser, all you have to do is place your mouse pointer
over an abbreviation and its meaning is shown in a floating window.
Multiple meanings are shown and these are all contributed by ABBREX
users.

OnlineBeta is a website that allows
users to participate in beta tests of unreleased products. Users get
a chance to review products from well-known companies such as
Logitech, Dell, T-Mobile, Polycom, Kodak, Yahoo and many more. The
products range from household items to video games to enterprise
class hardware. The website sends only offers that might catch the
interest of the users.

To use the service, you must sign up
for a free account, and you will be sent offers over the period
according to the information you have provided along with the beta
product details.

A tweet
from the World Privacy Forum pointed out this excellent article by
Willie D. Jones on IEEE
Spectrum. Here’s a snippet:

… “I don’t
see how there can be an expectation of [EDR] privacy in a criminal
case,” Gillingham insists. “When you’re driving on public
land, you give up expectation of privacy.” Challenged on whether
that statement conflicts with longstanding U.S. principles of search
and seizure, he says, “There’s an expectation of privacy with
regard to my body or my home; that’s very much different than the
engine of my car.”

But there is a
growing cadre of people who disagree with Gillingham, including the
Court of Appeals of California, Sixth District, which overturned
the manslaughter conviction in February 2011 on the grounds that
law enforcement did not secure a search warrant to retrieve the data.
(The other convictions were left intact.)

In the first civil
lawsuits and criminal cases involving cars equipped with EDRs, auto
companies claimed that they owned the data; courts eventually began
ruling that it belongs to vehicle owners and lessees. But
without federal laws governing who should have access to black box
data, the matter was left to the states. Thus far,
only 13 states have passed laws governing the ownership of EDR data.

According to the London 2012 Olympic
“conditions for ticket holders,” you are not allowed to take
pictures or video of the events nor are you allowed to “exploit”
any video on social networks.

… This means no Instagrams, no
Tweetpics, no Facebooking (“OMG OLYMPICS!!”), and no nothing. In
short, you shouldn’t tell anyone you went to the Olympics.

According to Petapixel,
UK photographers are already being hassled for taking photos of the
Olympic “city” from public places, which suggests perhaps that
London should spring for a geodesic dome to cover the proceedings in
mystery and smash cameras of errant Tweeters.

Meet the data
brokers. There’s a whole industry full of companies who make their
money buying and selling our personal information. The FTC
is working on busting this dark racket wide open, but in the
meantime, they’re out there. Who are they? Can we stop them?
Read on to find out.

Two months ago, I
was sitting in a federal courtroom in Miami watching as our staff
attorney, Shalini Goel Agarwal, argued for the rights of Florida
state workers against invasive, suspicionless mandatory bodily-fluid
searches. The ACLU of Florida, on behalf of the American Federation
of State, County and Municipal Employees (AFSCME), was challenging an
executive order issued by Gov. Rick Scott requiring random drug
testing for state employees.

Today, a
decision came down in that case affirming the privacy and
personal dignity of thousands of state employees by declaring the
order a violation of the Fourth Amendment. Without a “compelling
need,” a search of your bodily fluids is exactly the kind of
unreasonable search and seizure the Constitution clearly bars.

Read more on the ACLU’s
web site and congratulations to them on their successful
advocacy!

(Related) Just because it's legal
doesn't mean we can't use it against you. It is much easier to look
at every prescription issued by every doctor to see if anything
stands out, than to gather more specific information on the street.
(Drug companies won't complain about increased sales and Insurance
companies are unlikely to pay for unneeded drugs.)

The Vermont Senate
has voted to allow police access without a search warrant to a
database of Vermonters’ prescriptions maintained by the Vermont
Department of Health.

In an 18-11 vote
after more than two hours of debate on Wednesday, the Senate rejected
the arguments of some members that allowing police access to the
database would violate rights against search and seizure promised by
the U.S. and Vermont constitutions.

The majority sided
with those saying police access would not be unlimited, and that
investigators need to be able to crack down on an epidemic of
prescription drug abuse in the state.

The House earlier
voted to require a search warrant before police got access to the
database. A conference committee likely will have to work out the
difference.

As regular readers of this blog know,
I’ve been following the state laws on prescription databases and by
now, many states do have laws that open up databases
to law enforcement in the name of busting prescription
abusers (usually pain killer medications). But since these
situations are usually not emergency situations with imminent danger
involved, why can’t law enforcement be required to show probable
cause to obtain a warrant? Inconvenient for law enforcement,
perhaps, but if the real issue is that law enforcement doesn’t have
enough information to rise to the level of probable cause, do we
really want them able to access someone’s prescription records?

“For every law there is a loophole.”
Who said that? (Every lawyer ever born?)

The
FBI Workaround For Private Companies To Share Information With Law
Enforcement Without CISPA

… In 1997, long-time FBI agent Dan
Larkin helped set up a non-profit based in Pittsburgh
that “functions
as a conduit between private industry and law enforcement.”
Its industry members, which include banks, ISPs, telcos, credit card
companies, pharmaceutical companies, and others can hand over
cyberthreat information to the non-profit, called the National Cyber
Forensics and Training Alliance (NCFTA), which has a
legal agreement with the government that allows it to then
hand over info to the FBI. Conveniently, the FBI has a unit, the
Cyber
Initiative and Resource Fusion Unit, stationed in the NCFTA’s
office. Companies can share information with the
501(c)6 non-profit that they would be wary of (or prohibited from)
sharing directly with the FBI.

The Congressional version of “Ready,
Fire, Aim?” Perhaps, if my Ethical Hackers were to send the 248
Luddites their complete Internet dossier...

Google is pushing
back against a Federal Communications Commission proposal to fine the
Internet company for snooping on people’s Wi-Fi networks using
equipment in its Google Street View cars.

[...]

Google denied it
had obstructed the probe by not making personnel available, saying it
had let the commission take testimony from “everyone the FCC asked
to meet.” The company also argued that “the fact that a certain
engineer was legally unavailable did not leave any
significant factual questions unanswered.”

"Within the next decade,
smart-device swiping will have gained mainstream acceptance as a
method of payment and could largely replace cash and credit cards
for most online and in-store purchases by smartphone and tablet
owners, according to a new survey of technology experts and
stakeholders. Many of the people surveyed by Elon University’s
Imagining the Internet Center and the Pew Research Center’s
Internet & American Life Project said that the security,
convenience and other benefits of “mobile wallet” systems will
lead to widespread adoption of these technologies for everyday
purchases by 2020. Others—including some who are
generally positive about the future of mobile payments—expect this
process to unfold relatively slowly due to a combination of privacy
fears, a desire for anonymous payments, demographic inertia, a lack
of infrastructure to support widespread adoption, and resistance
from those with a financial stake in the existing payment
structure."

Google’s sale
of a previously purchased arm of the company this morning, 3D
modeling software SketchUp,
to Trimble, isn’t just something it does “every now and
again”. It’s actually Google’s first divestment ever,
according to two sources, and we’re hearing the search giant made a
profit, as it sold SketchUp for more than it bought it for back in
2006.

… It wasn’t that SketchUp wasn’t
working. It had 30 million activations since joining Google as part
of @Last
Software in March 2006. But it just didn’t fit with the
direction Google is heading in. It’s a relatively
niche product for architects and the construction
industry, game developers, and filmmakers. It doesn’t fit with
last year’s theme of inherently social product that could be tied
to Google+, or this year’s plan to simplify everyone’s lives.

Thursday, April 26, 2012

Best Practices As new security tools
and techniques become available, you should re-visit applications
that were “cleared” using earlier, less capable tools. I suspect
few organizations do, and therefore don't detect backdoors added by
“cutting edge” hackers.

A reader alerted me to a breach
notification he received from Perfect World subsidiary Cryptic
Studios, a massively multiplayer online role-playing game
developer. You can read the web
version of their notice. The hack occurred in
2010 but was only first discovered now due to “increased security
analysis.”

The intruder reportedly accessed
account names, handles, and encrypted passwords, at least some of
which were apparently decrypted. The intruder also may have been
able to access date of birth, e-mail and billing addresses, and
partial credit card numbers, although Cryptic Solutions doesn’t
believe that those were accessed.

As always, if you had reused passwords
across sites, go change your passwords on the other sites.

(Related) ...and here's why we follow
Best Practices. (Yes, I'm being repetitious and redundant. That too
is a Best Practice.)

"If businesses and consumers
stuck to security basics, they could have avoided
all cases of Conficker worm infection detected on 1.7 million
systems by Microsoft researchers in the last half of 2011. According
to the latest Microsoft Security Intelligence report, all cases of
Conficker infection stemmed from just two attack methods: weak or
stolen passwords and exploiting software vulnerabilities for which
updates existed."

Everything's big in China. When they
decide to clean house, they seem to have no trouble identifying and
gathering up large volumes of 'evil doers.' But then, the first time
is easy. Now that they have been warned, they'll start using
accounts in their lawyer's names.

Police across the
country have arrested more than 1,700 people on suspicion of stealing
or misusing personal information, according to the Ministry of Public
Security.

Under the
ministry’s deployment, police in 20 provincial-level regions,
including Beijing and Shanxi, uncovered 38 operations where people’s
personal details were being illegally traded, according to a
statement posted on the ministry’s website on Tuesday night.

In the first-ever
crackdown of its kind, 611 companies that illicitly
conducted surveys were closed, and 161 unauthorized databases were
destroyed.

I don’t know he is on other
issues, but Texas Attorney General Greg Abbott is one of the most
active AG’s when it comes to pursuing those who dump data or don’t
secure it properly. I can only imagine how mortified he must be by
this breach, which thankfully, could have been much worse if the data
had fallen into the wrong hands.

From the Lone Star Project:

A legal brief
filed by opponents of the Texas Voter Photo ID law reveals that
Attorney General Greg Abbott exposed millions of Texas voters’ full
Social Security numbers to possible theft and abuse.

Texas voters
escaped public release of their Social Security numbers only because
of the vigilance of conscientious lawyers working against the Voter
Photo ID bill. Rather than attach the files to documents circulated
to other attorneys or expose them to access by the general public,
opposing counsel immediately notified the AG’s office of the
bungled release of private data. Abbott then, at the expense of
Texas taxpayers, sent a courier to both New York and Washington, DC
to retrieve the files.

Source code belonging to VMWare has
leaked to the internet after apparently being stolen by a hacker who
claims to have obtained it from a Chinese firm’s network.

The source code belongs to VMWare’s
ESX virtual machine software product, a popular tool for creating and
operating virtual computing environments. The code was posted to the
Pastebin web site, a repository for coders that has become a favorite
for hackers to publish purloined wares.

VMWare acknowledged the leak in a note
posted to the company’s web site.

Perhaps my “Technical University”
could team up with the PrivacyFoundation.org and build a few for
demonstration purposes? Nerf weapons anyone?

Who
Has the Right to Fly a Drone Above Your Head? Finally, There's a List

While the government's use of drones in
other countries has drawn scrutiny, there are plenty of drones flying
in American skies on behalf of the military, law enforcement,
universities, and local governments.

… Perhaps most interesting is how
many universities have applied for permits. Some may be working with
military grant money. [Magic words for cutting
through University red tape Bob]

It's a start, but one not likely to
last past November without a lot more public comment.

This may be the strongest
pro-privacy statement I’ve seen from President Obama. Let’s
hope it’s not just posturing and rhetoric: [Is
it from a politician? Are his lips moving? Bob]

The Administration
is committed to increasing public-private sharing of information
about cybersecurity threats as an essential part of comprehensive
legislation to protect the Nation’s vital information systems and
critical infrastructure. The sharing of information must be
conducted in a manner that preserves Americans’ privacy, data
confidentiality, and civil liberties and recognizes the civilian
nature of cyberspace. Cybersecurity and privacy are not mutually
exclusive. Moreover, information sharing, while an essential
component of comprehensive legislation, is not alone enough to
protect the Nation’s core critical infrastructure from cyber
threats. Accordingly, the Administration strongly opposes H.R. 3523,
the Cyber Intelligence Sharing and Protection Act, in its current
form.

[Yada,
yada, yada Bob]

The House takes up the bill Thursday
and there have been a slew of proposed amendments, the vast majority
of which do not address the main concerns privacy advocates have.

If I ran for President on an “eliminate
TSA” platform, would Obama and Romney even notice?

"With public outcry against the
TSA continuing to spread, the
TSA is defending a recent episode in which a four-year-old was patted
down while kicking and screaming at Wichita Airport in Kansas.
From the AP article: 'The grandmother of a 4-year-old girl who became
hysterical during a security screening at a Kansas airport said
Wednesday that the child was forced to undergo a pat-down after
hugging her, with security agents yelling and calling the crying girl
an uncooperative suspect.'"

Some years ago, this worked into my
model for organizational change. It is very difficult to change an
organization's culture, so you need to create a parallel
organization. When it works the way you want it to, you fold the
original organization and transfer everything to the new one. (If it
doesn't work, kill it and start over.)

The
A/B Test: Inside the Technology That’s Changing the Rules of
Business

… Over the past decade, the power
of A/B testing
has become an open secret of high-stakes web development. It’s now
the standard (but seldom advertised) means through which Silicon
Valley improves its online products. Using A/B, new ideas can be
essentially focus-group tested in real time: Without being told, a
fraction of users are diverted to a slightly different version of a
given web page and their behavior compared against the mass of users
on the standard site. If the new version proves superior—gaining
more clicks, longer visits, more purchases—it will displace the
original; if the new version is inferior, it’s quietly phased out
without most users ever seeing it. A/B allows seemingly subjective
questions of design—color, layout, image selection, text—to
become incontrovertible matters of data-driven social science.

After joining the Obama campaign,
Siroker used A/B to rethink the basic elements of the campaign
website. The new-media team already knew that their greatest
challenge was turning the site’s visitors into subscribers—scoring
an email address so that a drumbeat of campaign emails might
eventually convert them into donors.

… Most shocking of all to Obama’s
team was just how poorly their instincts served them during the test.
Almost unanimously, staffers expected that a video of Obama speaking
at a rally would handily outperform any still photo. But in fact the
video fared 30.3 percent worse than even the turquoise image.
[Amazing! Politicians believing facts! Bob]

"Google could go the way of the
dodo if ultra intelligent electronic agents (UIEA) make their way
into the mainstream, according to technology prognosticator Daniel
Burrus. Siri is just the first example of how a UIEA
could end search as we know it. By leveraging the cloud and
supercomputing capabilities, Siri uses natural language search to
circumvent the entire Google process. If Burrus is right, we'll no
longer have to wade through '30,000,000 returns in .0013
milliseconds' of irrelevant search results."

Why wouldn't your local bank offer the
same service? After all, “that's where the money is.” (Willie
Sutton)

You’d never think that the world of
Nerf guns and dart shooters was so intense, but Hasbro apparently
sued a blogger for leaking information about unreleased Nerf products
he found on Chinese marketplace Taobao
using the sweetest bait imaginable: free Nerf guns.

Urban
Taggers is a blog about “assault blasters” for “kidults.”
Essentially they cover Nerf guns and the like and are fairly popular
in the space. The lead blogger, Pocket, ran a review of an
unreleased gun. A few days later, he received a note from Hasbro
offering some guns to give away to his readers. Eager to share the
blaster love, he agreed and sent his address. That’s when his
troubles began.

Immediately after the emails went back
and forth, Pocket received a letter from Hasbro’s lawyers accusing
him of IP theft.

Perspective. Can you see shelves full
of Kindles? Me neither...

http://www.bespacific.com/mt/archives/030138.html

April 25, 2012

Pew
Presentation: Public libraries in the digital age

Public
libraries in the digital age by Mary Madden, Kathryn Zickuhr, Apr
25, 2012 at Chief Officers of State Library Agencies: "They
presented findings on the rise of e-reading, including reading-device
ownership and the general reading habits/preferences of Americans.
Their presentation included libraries research fact sheets:

"'Science fiction publisher Tor
UK is dropping
digital rights management from its e-books alongside a similar
move by its U.S. partners. ... Tor UK, Tor Books and Forge are
divisions of Pan Macmillan, which said it
viewed the move as an "experiment."'
With experiments, come results. Now users can finally read their
books across multiple devices such as Amazon's Kindle, Sony Reader,
Kobo eReader and Apple's iBooks. Perhaps we will see the *increase*
of sales, because the new unrestricted format outweighs the decrease
caused by piracy?"

Yesterday, I Tweeted
a story from Open
Culture that highlighted 12 animated Shakespeare stories. In my
investigation of the video source that Open Culture highlighted, I
discovered Shakespeare
Animated. Shakespeare Animated is a YouTube channel containing
twelve playlists, ten of which are animated adaptations of
Shakespeare's most famous plays. Some of the animated plays that
appear in the Shakespeare Animated playlist are Romeo and Juliet,
Hamlet, Macbeth, and The Taming of the Shrew. I've
embedded part one of Romeo and Juliet below.

The Shakespeare
Animated videos could be useful for supporting your students'
reading of Romeo and Juliet or any of the nine other plays in the
list. Because the plays are broken into segments, they are well-suited
to being used one class meeting at a time. You could show the ten to
twelve minute segments

Another
Crowdfunding Player Enters The Fray: Apps Genius Launches
GetFunded.com

… Like Kickstarter and many others,
GetFunded will be a
“crowdfunding platform for entrepreneurs who are seeking new
investments in their businesses and ideas,” according to a
statement
from App Genius.

"The vulnerability of wireless
medical devices to hacking has now attracted attention in Washington.
Although there has not yet been a high-profile case of such an
attack, a proposal has surfaced that the Food and Drug Administration
or another federal agency assess
the security of medical devices before they're sold. A
Department of Veterans Affairs study showed that between
January 2009 and spring 2011, there were 173 incidents of medical
devices being infected with malware. The VA has
taken the threat seriously enough to use virtual local area networks
to isolate some 50,000 devices. Recently, researchers from Purdue
and Princeton Universities announced that they had built a prototype
firewall known as MedMon to protect wireless medical devices from
outside interference."

Cyberthings
for Managers - overview of significant cyber warfare events from the
news: "Cyberthings for Managers is created by Reuser’s
Information Services to meet a growing demand by managers in the
domain of cyber warfare for a quick overview of the most important
events of the past weeks in the field, without being overwhelmed by
technical details, individual incidents, or repetitions of earlier
news. Cyberthings will list a summary of significant events in the
world of Cyberwarfare from Governmental level down. There will be no
listings of technical hacks, detailed descriptions of cyberweapons,
repetitions of detailed cybercrime events, only the more strategic
events will be covered." [via Marcia E. Zorn]

"The Consumer Federation of
America (CFA) released Best Practices for Identity Theft Services:
How Are Services Measuring Up?, which analyzes how
well identity theft services are providing key information to
prospective customers. The study is based on CFA’s Best
Practices for Identity Theft Services, voluntary guidelines that
CFA developed with the help of identity theft service providers and
consumer advocates. Released last year, the best practices resulted
from CFA’s first study
of identity theft services in 2009, which raised concerns about
misleading claims about the ability to protect consumers from
identity theft, lack of clear information, and other troublesome
practices."

Via CUInsight,
a letter that has some recommendations many readers might agree with:

… On behalf of the National
Association of Federal Credit Unions (NAFCU), the only trade
association exclusively representing our nation’s federal credit
unions, I write today in regards to the issue of cyber security.

… With that in mind, NAFCU
specifically recommends that the House consider the following issues
related to data security as you tackle the broader issue of cyber
security:

Payment of Breach Costs by
Breached Entities: NAFCU asks that credit union expenditures for
breaches resulting from card use be reduced. A reasonable and
equitable way of addressing this concern would be to require
entities to be accountable for costs of data breaches that result on
their end, especially when their own negligence is to blame.

The
nation faces an evolving array of cyber-based threats arising from a
variety of sources. These threats can be intentional or
unintentional. Unintentional threats can be caused by software
upgrades or defective equipment that inadvertently disrupt systems,
and intentional threats can be both targeted and untargeted attacks
from a variety of threat sources. Sources of threats include
criminal groups, hackers, terrorists, organization insiders, and
foreign nations engaged in crime, political activism, or espionage
and information warfare.

… The
number of cybersecurity incidents reported by federal agencies
continues to rise, and recent incidents illustrate that these pose
serious risk. Over the past 6 years, the number of incidents
reported by federal agencies to the federal information security
incident center has increased
by nearly 680 percent.

… When you upload or otherwise
submit content to our Services, you give Google (and those we work
with) a worldwide licence to use, host, store, reproduce, modify,
create derivative works (such as those resulting from translations,
adaptations or other changes that we make so that your content works
better with our Services), communicate, publish, publicly perform,
publicly display and distribute such content.

The rights that you grant in this
licence are for the limited purpose of operating, promoting and
improving our Services, and to develop new ones. This
licence continues even if you stop using our Services (for
example, for a business listing that you have added to Google Maps)."

News
release: "The Harvard Library announced it is making more
than 12 million catalog records from Harvard’s 73 libraries
publicly available.
The records contain bibliographic information about books, videos,
audio recordings, images, manuscripts, maps, and more. The Harvard
Library is making these records available in accordance with its Open
Metadata Policy and under a Creative
Commons 0 (CC0) public domain license. In addition, the Harvard
Library announced its open distribution of metadata from its Digital
Access to Scholarship at Harvard (DASH) scholarly article
repository under a similar CC0 license... The catalog records are
available for bulk download from Harvard, and are
available for programmatic access by software applications via APIs
at the Digital Public Library of America (DPLA). The
records are in the standard MARC21 format."

Wavii
is quite simply a neat way to follow your favourite topics. Unlike
your RSS feeds, Wavii is filtered so that only one headline for each
story is shown to you. So, you’re able to keep track of the big
events in each topic without being drowned in repeat information.

… Wavii only allows Facebook
sign-in, which will upset a few people for sure.

For my fellow teachers. Perhaps we
could create a lesson on how to create a lesson?

Today, it's going a step further:
TED-Ed is launching a suite of tools that allow teachers to design
their own web-assisted curricula, complete with videos,
comprehension-testing questions, and conversational tools. TED-Ed
provides a template -- think Power Point slides, with populate-able
fields -- that teachers can fill in with customized content: lesson
titles, lesson links, student names, embedded video, test questions,
and the like. Once saved, a lesson generates a unique URL, which
allows teachers to track which students have watched assigned videos,
how they've responded to follow-up questions, and, in general, how
they've interacted with the lesson itself.

All cloud storage services offer a free
plan, with varying levels of storage and features.

… let's take a look at the free
upgrades some of these services are offering, and how you can take
advantage of them today.

First, let's get the services out of
the way that aren't currently offering free upgrades.
SkyDrive, Google
Drive, Cubby, and iCloud
all start with a free plan, then if you need more storage you'll have
to pay.

Tuesday, April 24, 2012

An
Open Letter From Security Experts, Academics and Engineers to the
U.S. Congress: Stop Bad Cybersecurity Bills

… . The bills nullify current legal
protections against wiretapping and similar civil liberties
violations for that kind of broad data sharing. By encouraging the
transfer of users’ private communications to US Federal agencies,
and lacking good public accountability or transparency, these
“cybersecurity” bills unnecessarily trade our civil liberties for
the promise of improved network security. As experts in the field,
we reject this false trade-off and urge you to oppose any
cybersecurity initiative that does not explicitly include appropriate
methods to ensure the protection of users’ civil liberties.

Here's
my nightmare. Manning yells “Hike!” and the Offensive line
breaks into their “Dancing with the Stars” routine... Therefore,
from this day forward, you must be a Broncos fan to enroll in the
Ethical Hacker program.

The
Denver Broncos are tossing out the tradition of printing 500-page
playbooks every week for each of the 120
players, coaches, scouts and other personnel.

…
Now when Broncos head coach John Fox [Or one of my
students Bob] adds a play, the update will be pushed
automatically to the playbook app on each player's iPad.

…
The Broncos figure the savings from not having to print tens of
thousands of playbook pages each season will help offset the cost of
purchasing 120 iPads with Verizon Wireless 4G access — many of them
the top model featuring 64 gigabytes of data, which retail for $829
each. [Did these guys actually take classes in
college? Bob]

This
is completely and totally unrelated to my Ethical Hackers. Rumors
that it was them are based on a student paper “Using technology to
impact the global economy.”

The good folks at Out-Law.com spell out
a recent European Court of Justice ruling:

The Data Retention
Directive does not contain terms that prevent internet protocol (IP)
addresses that ISPs must store under the terms of the law from being
used by rights holders in civil legal proceedings to identify alleged
copyright infringers, the Court said.

It said that other
EU laws on privacy and electronic communications (e-Privacy
Directive) and the enforcement of intellectual property rights (IPR
Directive) read together allow member states to form national laws
that provide a means for rights holders to obtain disclosure of
personal data about alleged illegal file-sharers subject
to the condition that courts in those countries can determine the
legitimacy of disclosure on a case-by-case basis.

If I’m understanding their analysis,
a country (member state) can choose not to enact law that would
require ISPs to turn over information in such disputes, but if it
does enact such legislation permitting it, there has to be protection
of the user’s rights so that the court considers the matter on a
case-by-case basis. No big John Does 1-2 million type cases there,
then? Or have I misunderstood the ruling?

"On Friday, more than 1,300
employees of London-based Aviva Investors walked into their offices,
strolled over to their desks, booted up their computers and checked
their emails, only to learn the shocking news: They
would be leaving the company. The email ordered them to hand
over company property and security passes before leaving the
building, and left the staff with one final line: 'I would like to
take this opportunity to thank you and wish you all the best for the
future.' This email was sent to Aviva's worldwide staff of 1,300
people, with bases in the U.S., UK, France, Spain, Sweden, Canada,
Italy, Ireland, Germany, Norway, Poland, Switzerland, Belgium,
Austria, Finland and the Netherlands. And it was all one giant
mistake: The email was intended for only one
individual." [“We typed 'ALL'
when we meant to type 'Al'” Bob]

Be
careful what you say under your own name. Say all the evil,
incriminating stuff under the name of your friendly neighborhood law
professor... If my Tweets are “not mine” is that a defense?

More from the Malcolm Harris/Twitter
subpoena case. Joseph Ax reports:

An Occupy Wall
Street protester has lost his bid to quash a subpoena seeking his
Twitter records from last fall, when he was arrested during a mass
protest on the Brooklyn Bridge.

Criminal Court
Judge Matthew Sciarrino Jr., who is overseeing a special courtroom
dedicated to handling nearly 2,000 Occupy-related cases, ruled that
Malcolm Harris did not have standing to challenge the third-party
subpoena. Prosecutors from the Manhattan District Attorney’s
Office served the subpoena on Twitter in January, requesting Harris’
user information and more than three months’ worth of tweets.

The
judge compared Harris to a bank account holder who by law cannot
challenge a subpoena of his records served on his bank.

“Twitter’s
license to use the defendant’s Tweets means that the Tweets the
defendant posted were not his,” the judge wrote in a decision filed
Friday.

So… does this
strike anyone as an appropriate use of social media by DHS?

Eleven hours
before I was arrested during the Occupy Miami eviction in January,
the Miami-Dade Police Homeland Security Bureau sent an email to
various police officers, which was then forwarded to the department’s
public information officers – including arresting officer Major
Nancy Perez – informing them that I would be documenting the
action.

The subject of the
email was “Multimedia information/Situational Awareness.” It
included my Facebook profile photo where I’m trying my hardest to
look like a terrorist thug.

Carlos Miller
is a Miami multimedia journalist who has been arrested twice for
taking pictures of law enforcement. He has publicly posted on social
networks that he will be taking pictures today in order to document
the eviction.

… Rand concluded, as have I, and
many others, that the primary problem in e-discovery is the high cost
of document review. They found it constitutes 73% of the total cost
of e-discovery. For that reason, Rand focused its first report on
electronic discovery on this topic, with side comments on the issue
of preservation.

… Where
The Money Goes: Understanding Litigant Expenditures for Producing
Electronic Discovery is a must read that is within everyone’s
budget. It can be downloaded for free,
both a summary
and the full
report (131 pages), but I recommend you read the full report.

… “Here I have a list of
collected ‘old’ magazines, that are no longer circulated, but
instead used as objects in galleries, as collectible items, and
things to search for in your (or others) grandparents attic. Rather
than physically creating a space to collect and archive these
magazines, we are using this “webspace” as a repository for
once-upon a time publications.

"Minnesota
Public Radio is running a story about the University of Minnesota's
Open Textbooks
project. The goal of the project is to solicit
reviews of college-level open source textbooks and collect those
that pass muster onto their website. The project will focus first on
high-volume
introductory classes such as those for Math and Biology, because
as David Ernst, director of the project, states in the interview:
'You know the world doesn't need another $150 Algebra One book.
Algebra One hasn't changed for centuries, probably.'"

When I first heard about Instagrok,
a new “educational search engine,” I admit, I wasn’t that
thrilled with the idea. It’s not that I think Google is the
perfect search engine. It’s not that I think the company is
unassailable in the area that was once its core product (remember
those days?). I’m a huge fan of DuckDuckGo,
for example, as I think that it offers high quality, low-spam search
results – with major bonus points for caring about users’
privacy.

… This isn’t about finding “the”
answer to a search query; rather it’s about, in his words “seeing
the topic” and learning more about what you’re researching –
concepts, definitions, and connections. “Learning is an
exploratory process,” he told me, arguing that the way students
move through the Web should encourage that exploration. It shouldn’t
just be about clicking on the “first blue link.”

… Sometimes I think I spend more
time working on my bibliography than I spend writing the entire
paper. Thankfully, Citelighter exists to make this process easier.

Citelighter
is a handy Firefox toolbar that grabs information directly from the
source and stores all the bibliographical information for you. You
simply need to highlight the information you need and tell the
toolbar to capture it. It will pull as much bibliographical
information from the webpage as it can find, and you may only have to
enter a couple of fields. Once you save it, it will be stored on
your account and accessible from anywhere.

Cruxbot is an interesting new web tool
that helps to summarize web pages. With a simple bookmarklet tool,
this tool reads through any site -
presumably with a large amount of text - and it
summarizes the content. The summary can be lengthened or
shortened by the user and users can even identify keywords to focus
the learning on a particular issue. Very cool idea which works
fairly well.

SelfRestraint is a Python-based free to
use open-source desktop application currently available for Windows
and Linux, with a Mac version coming soon. The app simply lets you
enter websites that you find distracting. You can then set a time
duration for which these websites should be blocked.

Using this handy editor you can create
mathematical equations of all kinds with little or no coding skill
required. Most of the equations are created by simply clicking on an
image and filling in the numerals needed.

… The best part of all is that none
of the Kindle free classics are abridged!

Below, we have six classics that you
may or may not have been able to read on the Kindle,
so don’t hesitate. Also, for those of you who don’t have a
Kindle,
you really shouldn’t feel left out. With the Kindle app and the
Cloud Reader, you can join right in and read all of these on whatever
device you happen to have.

Grovo
is a service that offers video lessons on how to use a huge array of
web apps and web services. Grovo offers lessons on the subjects of Internet
basics, productivity, business tools, communication, lifestyle, and
entertainment. Within each of these subjects you can learn how to
use hundreds of different websites and web apps. Not sure how to set
up filters in your email? Grovo can teach you. Confused about
privacy settings on Facebook? Grovo lessons can clarify them for
you. Have an interest in Pinterest, but don't know how to use it?
Grovo lessons will help you learn.

Grovo's
video lessons aren't just stand-alone videos. They're
a part of a sequence of video courses. Each course has
guiding questions that you can use to check your knowledge along the
way.

Before you get too
excited about Grovo,
you should know that their course offerings are a mix of free and paid
enrollment courses. The courses marked with a big "G"
indicate that they are courses for which you will have to pay to
enroll.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.